In the PATCH implementation, path either references local attributes or attributes from a related resource in a subcollection.

1.1.7. Return Codes

Success

200 OK - The request has succeeded without errors, this code should be returned for example when retrieving a collection or a single resource.

201 Created - The request has been fulfilled and resulted in a new resource being created.
The resource is available before this status code is returned.
The response includes the HTTP body of the newly created resource.

202 Accepted - The request has been accepted for processing, but the processing has not been completed.
Like, resource is not fully available yet.
This status code is usually returned when the resource creation happens asynchronously.
In this case the HTTP response includes a pointer to monitor or a job where the client can query to get the current status of the request and the estimate on when the request will be actually fulfilled.

204 No Content - The server has fulfilled the request but does not need to return an entity-body, and might want to return updated meta information.
This HTTP response is commonly used for the DELETE requests, as the resource that was deleted does not exists anymore.

Client Errors

400 Bad Request - The request could not be understood by the server due to malformed syntax.
The client SHOULD NOT repeat the request without modifications.
In REST API this status code should be returned to client when the client use the wrong combination of attributes, like expanding the non-existing collection, or using the pagination parameter incorrectly.
Another use-case could be creating or performing actions on the resource, when the wrong JSON serialization of the resource or action is used.

401 Unauthorized - The request requires user authentication.
The response MUST include a Authenticate header field containing a challenge applicable to the requested resource.
If the request include Authenticate header, then this HTTP status code might indicate that the current user is not authorized to perform given action or to access given resource.

403 Forbidden - The server understood the request, but is refusing to fulfill it.
Authorization will not help in this case.
This HTTP status code might indicate that the action performed is not supported for this resource or collection.

404 Not Found - In this case, the server has not found anything that matches with the URL.

415 Unsupported Media Type - The server is refusing to service the request because the entity of the request is in a format not supported by the requested resource for the requested method.
This error must be returned, when the client is explicitly asking for format other than JSON (application/json).

Server Errors

500 Internal Server Error - The server encountered an unexpected condition which prevented it from fulfilling the request.
This error code must be used when an exception is raised in the application and the exception has nothing to do with the client request.

1.1.8. CRUD Examples

The following examples show the basic CRUD operations (Create, Read, Update, Delete) using the REST API.

The commands below use basic authentication via the --user admin:smartvm credentials argument.
For multiple API calls, it is recommended to access the ManageIQ REST API via token-based authentication.
See Authentication for details.

When a request fails due to an invalid token, the client must re-authenticate with the user credentials to obtain a new Authentication Token.

1.3. JSON Specification

The API uses JSON throughout; the Content-Type for all requests and responses is application/json.

As is general practice with REST, clients should not make assumptions about the server’s URL space.
Clients are expected to discover all URL’s by navigating the API.
To keep this document readable, we still mention specific URL’s, generally in the form of an absolute path.
Clients should not use these, or assume that the actual URL structure follows these examples, and instead use discovered URL’s.
Any client should start its discovery with the API entry point, here denoted with /api.

1.3.1. Basic types

The following are basic data types and type combinators that are used throughout:

Name

Explanation

Example serialization

Integer

Integer value

{ "id" : 10 }

String

JSON string

{ "state" : "running" }

URL

Absolute URL

{ "href" : "http://SERVER/vms/1/start" }

Timestamp

Timestamp in ISO8601 format

{ "created" : "2013-12-05T08:15:30Z" }

Array[T]

Array where each entry has type T

{ "vms" : [ { "id" : 1 }, { "id" : 2 }] }

Ref[T]

A reference to a T, used to model relations, the T is a valid Resource identifier

{ "vm" : { "href" : URL } }

Collection

Array[T] where T represents a Ref[T], this might allow actions to be executed on all members as a single unit

The availability of these common actions depends on the role and permissions that the current API user has for a particular resource.

1.3.3. Collections

Resources can be grouped into collections.
Each collection is unordered, and is homogeneous so that it contains only one type of resource.
Resources can also exist outside any collection; these resources are referred to as singleton resources.
Collections are themselves resources as well.

Collections can exist globally, at the top level of an API, and can also be contained inside a single resource.
The latter are referred to as sub-collections.
Sub-collections are usually used to express a relationship where one resource is contained within another.

The count attribute in a collection always denotes the total number of items in the collection, not the number of items returned.

The subcount attribute in a collection depicts the number of items returned.

The resources attribute is an Array[T], where T might be a list of references to the T or, if expanded, a list of resources with all attributes.

The actions attribute contains an Array of actions that can be performed against the collection resources.

1.3.4. Action Specification

The representation of each resource will only contain an action and its URL if the current user is presently allowed to perform that action against that resource.
Actions will be contained in the actions attribute of a resource; that attribute contains an array of action definition, where each action definition has a rel, method and a href attribute.

name attribute contains the action name

method attribute states the HTTP method that must be used in a client HTTP request in order to perform the given action (eg.
GET, POST, PUT, DELETE)

href attribute contains the absolute URL that the HTTP request should be performed against

form is an optional attribute that references a JSON document which describes the resource attributes that can be provided in the message body when performing this action.
This description indicates which of those attributes are mandatory and which are optional.

Collection actions

The actions performed against a collection of resources, are in most cases batch operations against multiple resources.
The action request must include an HTTP body with the action name and the list of resource representations that the action will be performed against.

The resource representation might include the resource attributes as they can change the way how the action is actually performed.
In the example below, the first resource is started with enable_ipmi attribute, but the second resource omits this attribute which means the default value will be used.

An action performed against a given resource is always described in the body of the HTTP request.
The HTTP body could contain a list of resource attributes that dictate how the state of the receiving resource is to be changed once the action is performed.
At minimum the JSON document in the message body must contain the name of the action to be performed.

In cases where no attributes are required to perform an action the HTTP body will contain an empty JSON document, in which case default values will be assigned to the corresponding attributes.

required - These attributes must be specified for the action to be carried out.

optional - These are optional attributes, which may be specified and processed by the action.
These may be shown in a UI but not enforced.

internal - It is not necessary to define these, but they are required for a UI form to show and extended a form with more attributes than the required and optional identifiers permit.
This identifier shows what attributes are system managed and not modifiable by the REST client.

1.4. Query Specification

This specification identifies the controls available when querying collections.

1.4.1. Control Attributes

The controls are specified in the GET URL as attribute value pairs as follows:

GET /api/resources?ctl1=val1&ctl2=val2

Category

Attribute

Semantics

Paging

offset

0-based offset of first item to return

limit

number of items to return. If 0 is specified then the remaining items are returned

Which attributes
in addition to id and href to return. If not specified or all (default is
attributes=all), then all attributes are returned

expand=resources

To expand the resources
returned in the collection and not just the href. See
Expanding Collection below

Sorting

sort_by=atr1,atr2,…​

By which attribute(s) to sort the result by

sort_order=ascending or descending

Order of the sort

The count attribute in a collection always denotes the total number of items in the collection, not the number of items returned.

The subcount attribute in a collection denotes the number of items from the collection that were returned, for example as the result of a paged request.

1.4.2. Filtering

GET requests against collections support the following query parameters to enable filtering:

filter[]: The SQL filter to use for querying the collection.

GET /api/resources?filter[]=name='myservice%25'

The query above requests resources that begin with the name myservice.
String values must be contained in single or double quotes.
Special characters within the quotes must be URL encoded.
In the example above, the database wildcard character, %, is encoded as %25.

1.4.3. Expanding Collections

While in the JSON serialization example the description says that the resource might be a list of references to the resource, using the expand parameter returns a full JSON serialization of the resource instead: